OpenBSD 2.8 released

By
-
80

Author: JT Smith

It is our pleasure to officially announce the release of OpenBSD 2.8.
Just over 6 weeks ago, on October 18, OpenBSD turned 5 years old. In
celebration of this milestone, we invite you to enjoy our 8th release
on CDROM (and 9th via FTP). We continue to celebrate OpenBSD’s record
of three years without a remote hole in the default install.
Just like
all of our previous releases, 2.8 provides significant improvements,
including new features, in nearly all areas of the system:

  • Hardware support is improved
    (http://www.OpenBSD.org/plat.html)
  • OpenBSD 2.8 will run on Apple iMac, G3, G4, and G4 Cube machines.

  • Improved hardware crypto support, now including Hifn PowerCrypt and
    Broadcom Bluesteelnet (uBsec) hardware accelerator boards.

  • Many new Ethernet devices supported, including National
    Semiconductor
    DP83815-based adapters, 3Com MiniPCI adapters, 3Com 574-based
    PCMCIA,
    and many new CardBus devices (Xircom, Intel 21143, Intel CardBus
    II).

  • Support for most of the Gigabit Ethernet cards on the market, i.e.,
    SysKonnect, Intel, and Alteon-based.

  • Support for most types of USB devices, including Ethernet,
    printers,
    audio, etc. Sync your Handspring Visor, or transfer MP3s to your
    Rio.

  • Support for 3ware Escalade 3W-5×000 and 3W-6×000 series RAID
    controllers.

  • New audio support, including the Cirrus Logic CS4280, ForteMedia
    FM801,
    and integrated audio chips found on newer VIA and Intel
    motherboards.

  • Improvements and new support in the PCI IDE subsystem.

  • Security has been further strengthened
    (http://www.OpenBSD.org/security.html)

  • In response to the threat posed by so-called “format string” bugs,
    OpenBSD
    performed a complete source tree audit in June to identify and
    correct
    such problems. This involved countless hours of code reading and
    careful
    bug fixes. We are confident that these issues have been solved and
    that once again our proactive security auditing process has proved
    itself
    an
    invaluable component of the OpenBSD philosophy.

  • Several other security issues dealt with across the system, many of
    which
    were identified by members of the OpenBSD team themselves. Please
    see
    http://www.openbsd.org/errata27.html for more details on what was
    fixed.

  • Even more integrated cryptography
    (http://www.OpenBSD.org/crypto.html)

  • OpenSSH has been improved, debugged, and is now at version 2.3.0.
    Support
    for both SSH1 and SSH2 protocols ensures maximum interoperability
    with
    other implementations. This version also includes an SFTP server
    for
    secure file transfers with several Windows-based clients. Since
    OpenSSH
    is free, it has continued to gain acceptance on other operating
    systems
    as well. For more information, see http://www.OpenSSH.com, or
    simply install OpenBSD 2.8 and try it out. Our sincerest thanks to Markus
    Friedl,
    one of our developers and the driving force behind OpenSSH.

  • The celebration continues. What better birthday present for
    OpenBSD
    than
    the expiration of the RSA patent? SSL libraries now come as part of
    the
    base operating system install, permitting SSL and RSA applications
    to
    work normally without fancy installation tricks. These
    applications
    now
    include httpd, isakmpd, and ssh.

  • Our already very mature IPSEC code has been enhanced to comply with
    the latest standard changes, i.e., AES. Using IPSEC and bridging,
    Ethernets can be securely tunneled over the Internet. The IKE
    isakmpd
    has become more robust and can be used in a configuration-less mode
    in
    conjunction with certificates. IPSEC performance has improved for
    software cryptography, but with hardware crypto accelerators
    (including HiFn and Broadcom based encryption processors), incredibly
    fast IPSEC processing is possible.

  • Improving on the encryption of swap space introduced in the
    previous
    release, OpenBSD now uses Rijndael, the recently chosen AES
    encryption
    standard.

  • Many other bugs fixed
    (http://www.OpenBSD.org/plus28.html)

  • The “ports” tree is greatly improved
    (http://www.OpenBSD.org/ports.html)

  • The 2.8 CD ships with many more pre-built packages for the common
    architectures. The FTP site contains hundreds more packages (for
    the
    important architectures) which we could not fit onto the CDs. A
    list of
    those packages is appended below.

  • Many subsystems improved and updated since the last release:
  • XFree86 3.3.6-current
  • gcc 2.95.3
  • perl 5.6.0 plus a few fixes.
  • Apache 1.3.12 (+ patches), Mod_ssl 2.6.2, OpenSSL 0.9.5a, DSO
    support
  • ipf 3.3.18
  • groff 1.15
  • sendmail 8.10.1
  • lynx 2.8.2 with HTTPS support added
  • sudo 1.6.3p5
  • ncurses 5.2
  • Latest KAME IPv6
  • KTH Kerberos 1.0.2
  • OpenSSH 2.3.0

    If you’d like to see a list of what has changed between OpenBSD 2.7 and
    2.8, look at
    http://www.OpenBSD.org/plus28.html.

    Even though the list is a summary of the most important changes made to
    OpenBSD, it still is a very very long list — more than 700 major
    changes.

    This is our ninth OpenBSD release, and the eighth release which is
    available on CDROM. Our releases have been spaced six months apart,
    and we plan to continue this timing.

    Security and errata

    We provide patches for known security threats and other important
    issues
    discovered after each CD release. As usual, between the creation of the
    OpenBSD 2.8 FTP/CDROM binaries and the actual 2.8 release date, our
    team
    found and fixed some new reliability problems (note: most are minor,
    and
    in subsystems that are not enabled by default). Our continued research
    into security means we will find new security problems — and we always
    provide patches as soon as possible. Therefore, we advise regular
    visits to
    http://www.OpenBSD.org/security.html
    and
    http://www.OpenBSD.org/errata.html.

    CDROM sales

    OpenBSD 2.8 is also available on CDROM. A 2-CD set which costs $30USD
    is available via mail order and from a number of contacts around the
    world. The set includes a colorful booklet which carefully explains
    the installation of OpenBSD. A new set of cute little stickers is
    also
    included (sorry, but our FTP mirror sites do not support STP, the
    Sticker Transfer Protocol). Profits from these sales are the primary
    income source for the OpenBSD project — in essence selling these
    CDROM units ensures that OpenBSD will continue to make another release
    six months from now.

    For more information on ordering CDROMs, see http://www.OpenBSD.org/orders.html.
    The above web page lists a number of places where OpenBSD CDROMs can
    be purchased. For our default mail order, go directly to
    https://https.openbsd.org/cgi-bin/order
    or, for European orders,
    https://https.openbsd.org/cgi-bin/order.eu.

    All of our developers strongly urge you to buy a CDROM and support our
    future efforts. As well, donations to the project are highly
    appreciated, as described in more detail at
    http://www.OpenBSD.org/goals.html#funding.

    T-shirt sales

    The project continues to expand its funding base by selling T-shirts
    and
    polo shirts. And our users like them, too. We have a variety of shirts
    available, with the new and old designs, from our web ordering system
    at
    https://https.openbsd.org/cgi-bin/order.
    With this release, we introduce 2 new shirts.

    FTP installs

    If you choose not to buy an OpenBSD CDROM, OpenBSD can be easily
    installed via FTP. Typically you need a single small piece of boot
    media (e.g., a boot floppy) and then the rest of the files can be
    installed from a number of locations, including directly off the
    Internet. Follow this simple set of instructions to ensure that you
    find all of the documentation you will need while performing an install
    via FTP. With the CDROMs, the necessary documentation is easier to
    find.

    Read either of the following two files for a list of ftp
    mirrors which provide OpenBSD, then choose one near you:
    http://www.OpenBSD.org/ftp.html;
    ftp://ftp.OpenBSD.org/pub/OpenBSD/2.8/ftplist.

    XFree86 for most architectures

    XFree86 has been integrated more closely into the system. This
    release contains XFree86 3.3.6. Most of our architectures ship with
    XFree86, even the sparc and powerpc. During installation, you can
    install
    XFree86 quite easily. Be sure to try out xdm(1) and see how we have
    customized it for OpenBSD.

    Ports tree

    The OpenBSD ports tree contains automated instructions for building
    third party software. The software has been verified to build and run
    on the various OpenBSD architectures. The 2.8 ports collection,
    including many of the distribution files, is included on the 2-CD set.
    Please see PORTS file for more information.
    Note: some of the most popular ports, e.g., the Apache web server and
    several X applications, are now a standard part of OpenBSD. Also,
    other popular ports have been pre-compiled for those who do not desire
    to build their own binaries.

    Binary packages we provide

    A number of binary packages are provided. Please see PACKAGES file
    (ftp://ftp.OpenBSD.org/pub/OpenBSD/PACKAGES) for more details.

    System source code

    The CDROMs contain source code for all the subsystems explained above,
    and the README (ftp://ftp.OpenBSD.org/pub/OpenBSD/README) file explains how to deal with these source files. For those who are doing
    an FTP install, the source code for all four subsystems can be
    found in the pub/OpenBSD/2.8/ directory:
    X11.tar.gz; ports.tar.gz; src.tar.gz; srcsys.tar.gz.

    Thanks

    OpenBSD 2.8 introduces artwork and CD artistic layout by Ty Semaka
    (who as it happens, performs in a band called the Plaid Tongued
    Devils, http://www.thedevils.com/). Ports tree and package building
    by Brad Smith, Marc Espie, and Chris Turan. System builds by Theo de
    Raadt, Niklas Hallqvist, Todd Fries, Steve Murphree, Miod Vallat,
    Mats O Jansson, Marc Espie, and Bob Beck. ISO-9660 filesystem layout
    by Theo de Raadt. Release announcement written by Aaron Campbell.
    We would like to thank all of the people who sent in bug reports, bug
    fixes, donation checks, and hardware that we use. We would also like
    to thank those who bought our previous CDROMs. Those who did not
    support us financially have still helped us with our goal of improving
    the quality of the software.

    Our developers are:
    Aaron Campbell, Angelos D. Keromytis, Anil Madhavapeddy, Artur
    Grabowski,
    Assar Westerlund, Bob Beck, Brad Smith, Brandon Creighton, Brian
    Somers,
    Bruno Rohee, Camiel Dobbelaar, Chris Cappuccio, Christian Weisgerber,
    Chris Turan, Constantine Sapuntzakis, Craig Metz, Dale Rahn, Damien
    Miller,
    Dan Harnett, David Terrell, David Leonard, David Sacerdote, Dug Song,
    Eric Jackson, Federico G. Schwindt, Hakan Olsson, Hans Insulander,
    Horacio Ganau, Hugh Graham, Ian Darwin, Jakob Schlyter, Jan-Uwe
    Finck,
    Janne Johansson, Jason Downs, Jason Ish, Jason Wright,
    Jun-ichiro itojun Hagino, Kenneth R Westerback, Kevin Lo, Kjell
    Wooding,
    M. Warner Losh, Marc Espie, Marco S Hyman, Mark Grimes,
    Markus Friedl, Mats O Jansson, Matt Behrens, Matthew Jacob,
    Matthieu Herrb, Michael Shalayeff, Miod Vallat, Nathan Binkert,
    Niels Provos, Niklas Hallqvist, Oleg Safiullin, Paul Janzen,
    Peter Galbavy, Phillip Lenhardt, Reinhard J Sammer, Sontri Tomo
    Huynh,
    Steve Murphree, Theo de Raadt, Thorsten Lockert, Tobias Weingartner,
    Todd C. Miller, Todd T. Fries, Wim Vandeputte, and Yannick Cote.
    For press contact, please contact press@OpenBSD.org.

    List of FTP sites

    The following list should be helpful for those who want to install
    OpenBSD via FTP.

    ftp://carroll.cac.psu.edu/pub/OpenBSD; Pennsylvania,
    USA
    ftp://download.sourceforge.net/pub/mirrors/OpenBSD; Sunnyvale, CA,
    USA
    ftp://filoktitis.noc.uoa.gr/pub/OpenBSD; Athens, Greece
    ftp://ftp.au.openbsd.org/pub/OpenBSD; Melbourne,
    Australia
    ftp://ftp.bsdfr.org/pub/OpenBSD; Oleane, France
    ftp://ftp.ca.openbsd.org/pub/OpenBSD; Edmonton,
    Canada
    ftp://ftp.calyx.nl/pub/OpenBSD; Amsterdam,
    Netherlands
    ftp://ftp.chg.ru/pub/OpenBSD; Chernogolovka,
    Russia
    ftp://ftp.de.openbsd.org/unix/OpenBSD; Berlin, Germany
    ftp://ftp.duth.gr/pub/OpenBSD; Thrace, Greece
    ftp://ftp.esat.net/pub/OpenBSD; Dublin, Ireland
    ftp://ftp.eu.openbsd.org/pub/OpenBSD; Zurich,
    Switzerland
    ftp://ftp.fr.openbsd.org/pub/OpenBSD; Paris, France
    ftp://ftp.gigabell.net/pub/OpenBSD; Frankfurt,
    Germany
    ftp://ftp.grolier.fr/pub/OpenBSD; Paris, France
    ftp://ftp.inet.no/pub/OpenBSD; Oslo, Norway
    ftp://ftp.it.net.au/mirrors/OpenBSD; Perth,
    Australia
    ftp://ftp.jp.openbsd.org/pub/OpenBSD; Tokyo, Japan
    ftp://ftp.kddlabs.co.jp/OpenBSD; Tokyo, Japan
    ftp://ftp.kmitl.ac.th/pub/OpenBSD; Thailand
    ftp://ftp.knowledge.com/pub/mirrors/OpenBSD; London, UK
    ftp://ftp.netlab.is.tsukuba.ac.jp/pub/os/OpenBSD; Ibaraki, Japan
    ftp://ftp.nl.uu.net/pub/OpenBSD; Amsterdam,
    Netherlands
    ftp://ftp.nz.openbsd.org/pub/OpenBSD; Auckland, New
    Zealand
    ftp://ftp.op.net/pub/OpenBSD; Ambler, PA, USA
    ftp://ftp.openbsd.org.ar/pub/OpenBSD; Buenos Aires,
    Argentina
    ftp://ftp.openbsd.org/pub/OpenBSD; Edmonton,
    Canada
    ftp://ftp.plig.org/pub/OpenBSD; London, UK
    ftp://ftp.radio-msu.net/pub/OpenBSD; Moscow, Russia
    ftp://ftp.rediris.es/mirror/OpenBSD; Madrid, Spain
    ftp://ftp.snu.ac.kr/pub/OpenBSD; Seoul, Korea
    ftp://ftp.src.uchicago.edu/pub/openbsd; Chicago, IL, USA
    ftp://ftp.stacken.kth.se/pub/OpenBSD; Stockholm,
    Sweden
    ftp://ftp.sunet.se/pub/OpenBSD; Uppsala, Sweden
    ftp://ftp.task.gda.pl/pub/OpenBSD; Gdansk, Poland
    ftp://ftp.tux.org/bsd/openbsd; Springfield, VA,
    USA
    ftp://ftp.volftp.mondadori.com/mirror/openbsd; Italy
    ftp://ftp.wiretapped.net/pub/OpenBSD; Sydney,
    Australia
    ftp://ftp.usa.openbsd.org/pub/OpenBSD; Boulder, CO, USA
    ftp://ftp1.usa.openbsd.org/pub/OpenBSD; Ann Arbor, MI,
    USA
    ftp://ftp7.usa.openbsd.org/pub/os/OpenBSD; West Lafayette,
    IN, USA
    ftp://gandalf.neark.org/pub/distributions/OpenBSD; Batesville, AR,
    USA
    ftp://gd.tuwien.ac.at/opsys/OpenBSD; Vienna, Austria
    ftp://mirror.aarnet.edu.au/pub/OpenBSD; Brisbane,
    Australia
    ftp://openbsd.csie.nctu.edu.tw/pub/OpenBSD; Taiwan
    ftp://quasar.uvt.ro/pub/OpenBSD; Timisoara,
    Romania
    ftp://rt.fm/pub/OpenBSD; Algonquin, IL,
    USA
    ftp://sunsite.cnlab-switch.ch/pub/OpenBSD; Zurich,
    Switzerland
    ftp://sunsite.org.uk/Mirrors/ftp.openbsd.org/pub/OpenBS; London, UK
    ftp://sunsite.uio.no/pub/OpenBSD; Oslo, Norway
    ftp://uiarchive.uiuc.edu/pub/systems/OpenBSD; Urbana, IL, USA
    ftp://vell.nsc.ru/pub/OpenBSD; Novosibirsk,
    Russia

    • RELATED ARTICLESMORE FROM AUTHOR